AMENDMENTS TO THE SPECIFICATION 
Please amend the specification of the present application as set forth 
below. In accordance with the PTO*s revised annendment format, changes are 
shown by strikethrough (for deleted matter) or underlining (for added matter). 

5 

Please replace the paragraph starting at page 2, line 3, with the 
following; 

As an example of how serious this exploitation can be, consider a user 
who downloads a control that acc e ss accesses banking software on the user's 

1 0 computer. The user trusts the author of the control and the website, and uses 
the control according to its intended function. But when the user has finished 
using the control, the user may not even be aware that the control and its 
functionality remain on the user's computer. Thereafter, a web page set up by a 
hacker and accessed by the user may invoke the control and gain access to the 

15 user's banking software. The hacker may then have the ability to write 

unauthorized checks on the user's account, transfer funds electronically from 
the account, and so on. 

Please replace the paragraph starting at page 6, line 5, with the 
20 following: 

The various components and functionality described herein are 
implemented with a number of individual computers. Fig. 1 shows components 
of a_typical example of such a computer, referred by-to by reference numeral 
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100. The components shown in Fig. 1 are only examples, and are not intended 
to suggest any limitation as to the scope of the functionality of the invention; the 
invention is not necessarily dependent on the features shown in Fig. 1 . 

5 Please replace the paragraph starting at page 7, line 3, with the 

following: 

The instructions and/or program modules are stored at different times in 
the various computer-readable media that are either part of the computer or that 
can be read by the computer. Programs are typically distributed, for example, 

10 on floppy disks, CD-ROMs, DVD, or some form of communication media such 
as a modulated signal. From there, they are installed or loaded into the 
secondary memory of a computer. At execution, they are loaded at least 
partially into the computer's primary electronic memory. The invention 
described herein includes these and other various types of computer-readable 

15 media when such media contain i nstruct i ons instructions, programs, and/or 
modules for implementing the steps described below in conjunction with a 
microprocessor or other data processors. The invention also includes the 
computer itself when programmed according to the methods and techniques 
described below. 
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Please replace the paragraph starting at page 8, line 5, with the 
following: 

Computer 100 typically includes a variety of computer-readable media. 
Computer-readable media can be any available media that can be accessed by 
5 computer 100 and includes both volatile and nonvolatile media, removable and 
non-removable media. By way of example, and not limitation, computer- 
readable media may comprise computer storage media and communication 
media. "Computer storage media" includes both volatile and nonvolatile, 
removable and non-removable media implemented in any method or 

10 technology for storage of information such as computer-readable instructions, 
data structures, program modules, or other data. Computer storage media 
includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other 
memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk 
storage, magnetic cassettes, magnetic tape, magnetic disk storage or other 

15 magnetic storage devices, or any other medium which can be used to store the 
desired information and which can be accessed by comput e r llO computer 100 . 
Communication media typically embodies computer-readable instructions, data 
structures, program modules or other data in a modulated data signal such as a 
carrier wave or other transport mechanism and includes any information 

20 delivery media. The term "modulated data signal" means a signal that has one 
or more if-of_its characteristics set or changed in such a manner as to encode 
information in the signal. By way of example, and not limitation, communication 
media includes wired media such as a wired network or direct-wired connection 
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and wireless media sucli as acoustic, RF, infrared and other wireless media. 
Combinations of any of the above should also be included within the scope of 
computer readable media. 

5 Please replace the paragraph starting at page 9, line 12, with the 

following: 

The computer 100 may also include other removable/non-removable, 
volatile/nonvolatile computer storage media. By way of example only, Fig. 1 
illustrates a hard disk drive 141 that reads from or writes to non-removable, 

10 nonvolatile magnetic media, a magnetic disk drive 151 that reads from or writes 
to a removable, nonvolatile magnetic disk 152, and an optical disk drive 155 
that reads from or writes to a removable, nonvolatile optical disk 156 such as a 
CD ROM or other optical media. Other removable/non-removable, 
volatile/nonvolatile computer storage media that can be used in the exemplary 

15 operating environment include, but are not limited to, magnetic tape cassettes, 
flash memory cards, digital versatile disks, digital video tape, solid state RAM, 
solid state ROM, and the like. The hard disk drive 141 is typically connected to 
the system bus 121 through af»-a_non-removable memory interface such as 
interface 140, and magnetic disk drive 151 and optical disk drive 155 are 

20 typically connected to the system bus 121 by a removable memory interface 
such as interface 150. 
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Please replace the paragraph starting at page 13, line 8. with the 
following: 

The Client computer 204 includes a processor 227 and memory 228, A 
web browser 230 is stored in the memory 228 and executes on the processor 
5 227. The web browser 230 enables the Client computer 204 to access the web 
page 212 on the server 202. As shown in Fig. 2, a copy of the web page 212 
(designated as web page 212') has been downloaded to the Client computer 
204 and is stored in the memory 228. The downloaded web page 212' includes 
a script 216' (a copy of the script 216) and a control object 218' (a copy of the 
10 control object 2+8220). A copy of the confirmation module 24 ^220 (designated 
as confirmation module 218') has been downloaded with the web page 212' and 
is a part of the control object 218'. The web page 212' is digitally signed with a 
digital signature 226' that was downloaded with the web page 212', 



15 Please replace the paragraph starting at page 13, line 22, with the 

following: 

At step 300, the web browser 230 on the Client computer 204 requests a 
download of the web page 212 from the Server computer 202. If the web page 
212 includes script 216 that invokes a control object ("Yes" branch, step 302), 
20 then the digital signature module 222 on the Server computer 202 digitally signs 
the web page 212 by attaching the digital signature 226 to the web page 212 at 
step 304. The signed web page 212 is delivered to the Client computer 202 
204 at step 306. If the web page 212 does not invoke a control object ("No" 
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branch, step 302). the web page 212 is delivered to the Client computer 204 at 
step 306 without a digital signature. 

Please replace the paragraph starting at page 14, line 11, with the 
5 following: 

At step 308, the Client computer 204 receives the web page 24^7-212' 
from the Server computer 202, On many systems, a user of the Client 
computer 204 will be notified at this point if the user wishes to download the 
web page 212 having the control object 218. For purposes of the present 
1 0 discussion, it is assumed that the user downloads the control object 248 -218' 
with the web page 242212'. 

Please replace the paragraph starting at page 14, line 22, with the 
following: 

15 If the confirmation module 220' determines that the web page 212' has 

come from the source indicated by the web page 212' ("Yes branch, step 314) , 
the confirmation module 220' then determines if the source is an authorized 
source at step ^44316: This can be done in several ways. The author of the 
control object 218' may include a list of sources that the author trusts to invoke 

20 the control object 218', or the user may be prompted at some point by the 
control object 218' to enter sources which the user trusts to invoke the control 
object 218' safely, or a list of trusted sites may be stored in the memory of the 
Client computer 204, etc. With any such implementation, the control object 218' 
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checks the name of the source against one or more source nannes to determine 
if the source is authorized to invoke the control object 218'. 

Please replace the paragraph starting at page 15, line 14, with the 
5 following: 

If the confirmation module 220' determines that the web page 212' has 
come from an authenticated and authorized source (the Server computer 202 in 
this example), then the control object 218' is executed at step 318. If the 
source cannot be authenticated ("No" branch, step S43314) or if the source is 
10 not authorized to invoke the control object 218' ("No" branch, step ^316), 
then the control object 218' will not be executed. 

Please replace the paragraph starting at page 16, line 12, with the 
following: 

15 Although the i mp l omontation implementations described herein have 

been described in language specific to structural features and/or 
methodological steps, it is to be understood that the invention defined in the 
appended claims is not necessarily limited to the specific features or steps 
described. Rather, the specific features and steps are disclosed as preferred 

20 implementations. 
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